Data Protection

Sep, 15 2025

Scope and Role

This Data Protection Notice describes how IsisRest collects, uses, discloses, and protects personal data in connection with our website and services provided in the United States. While IsisRest operates in the United States, we apply practices designed to comply with applicable U.S. federal and state privacy laws and, where the General Data Protection Regulation (GDPR) applies, we implement GDPR-aligned measures for individuals in the EU/EEA, UK, and Switzerland.

This Notice applies to personal data processed when you visit our site, create an account or subscription, contact us, or otherwise interact with IsisRest.

Identity of the Controller and Contact

Controller: IsisRest (owned and operated by Brittany Knighten)

Postal Address: 400 S Eagle St, Naperville, IL 60540, United States

Email: [email protected]

For any privacy inquiry or to exercise your rights, please contact us via email or post.

Categories of Personal Data We Process

Data You Provide

  • Identifiers and contact information (e.g., name, email address, postal address, phone number) when you subscribe, create an account, or contact us.
  • Account credentials and profile details if you register.
  • Content of communications, support requests, survey responses, and feedback.
  • Professional or academic information if you choose to provide it (e.g., healthcare role, institution).
  • Health-related information only if you voluntarily submit it in free-text fields; we do not request protected health information.

Data Collected Automatically

  • Device and internet activity (e.g., IP address, device identifiers, browser type, operating system, referring URLs, pages viewed, time stamps).
  • Usage and diagnostic data (e.g., feature interactions, session duration, performance data).
  • Approximate location derived from IP address.
  • Cookie, SDK, and similar technology data for essential functions, analytics, and, where applicable, advertising measurement.

Data from Third Parties

  • Service providers that support hosting, analytics, email delivery, security, and customer support.
  • Advertising and measurement partners that may provide aggregated or pseudonymous insights.

Purposes of Processing and Lawful Bases

We process personal data for the following purposes and, where GDPR applies, under the listed lawful bases:

  • Provide, secure, and maintain our services; manage accounts; troubleshoot; and ensure availability and integrity (performance of a contract; legitimate interests).
  • Respond to inquiries and support requests (performance of a contract; legitimate interests).
  • Send administrative messages, service notices, and changes to terms (performance of a contract; legal obligation; legitimate interests).
  • Improve content quality, usability, and relevance; conduct analytics, research, and performance measurement (legitimate interests; consent where required).
  • Personalize content and, where applicable, measure or deliver advertising consistent with your preferences (consent where required; legitimate interests).
  • Protect against fraud, abuse, security incidents, and legal claims; comply with legal obligations (legal obligation; legitimate interests).
  • With your consent for specific optional features (consent). You may withdraw consent at any time without affecting prior lawful processing.

Cookies and Similar Technologies

We use cookies, pixel tags, local storage, and similar technologies to:

  • Enable essential site functionality and security.
  • Perform analytics and measure site performance.
  • Remember preferences and enhance user experience.
  • Where applicable, measure or deliver advertising consistent with your choices.

Where required by law, we seek your consent for non-essential cookies. You can adjust browser settings to block or delete cookies; doing so may affect site functionality.

Disclosures and Recipients

We disclose personal data to:

  • Service providers and processors that act on our behalf for hosting, cloud services, analytics, email delivery, security, customer support, and similar functions.
  • Advertising and measurement partners for analytics and, where applicable, targeted advertising or cross-context behavioral advertising, subject to your choices.
  • Professional advisors (legal, accounting, insurance) under confidentiality.
  • Authorities or other parties when required by law, legal process, or to protect rights, safety, and security.
  • Relevant parties in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate safeguards.

We do not sell personal information for money. Under certain U.S. state laws, our disclosure of identifiers and internet activity to advertising or analytics partners may be considered a “sale,” “share,” or “targeted advertising.” You may opt out as described in this Notice.

International Data Transfers

We are based in the United States. If you access our services from outside the U.S., your data may be transferred to and processed in the U.S. and other countries that may not provide the same level of data protection as your home jurisdiction. Where GDPR applies, we rely on appropriate safeguards such as Standard Contractual Clauses and implement supplementary measures as needed.

Data Retention

We retain personal data for as long as necessary to fulfill the purposes described, including to comply with legal, accounting, or reporting requirements, and then delete or de-identify data. Criteria used include the nature of the data, the purpose of processing, legal obligations, and potential disputes. Illustrative ranges include:

  • Account data: retained for the life of the account and a reasonable period thereafter.
  • Support communications: typically retained up to 3 years after resolution.
  • Analytics data: typically retained up to 24–26 months, subject to configuration.
  • Cookie data: retained per cookie lifetime settings and applicable law.

Security Measures

We implement administrative, technical, and physical safeguards designed to protect personal data, including access controls, encryption in transit, network monitoring, and vendor due diligence. No system can be guaranteed 100% secure; we maintain and review controls to mitigate reasonably foreseeable risks.

Your GDPR Rights (EEA, UK, Switzerland)

Where GDPR or similar laws apply, you may have the right to:

  • Access your personal data and receive a copy.
  • Correct inaccurate or incomplete data.
  • Delete personal data in certain circumstances.
  • Restrict or object to processing, including processing based on legitimate interests and direct marketing.
  • Data portability for data you provided to us.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with a supervisory authority. We encourage you to contact us first so we may address your concerns.

U.S. State Privacy Rights

Right to Know/Access, Correction, and Deletion

Residents of certain U.S. states (e.g., California, Colorado, Connecticut, Utah, Virginia) may request to know/access categories and specific pieces of personal information we collected, request correction of inaccuracies, and request deletion, subject to applicable exceptions.

Right to Opt Out of Sale/Sharing/Targeted Advertising

You may opt out of our processing considered a “sale,” “sharing,” or “targeted advertising” under applicable state laws. We do not sell personal information for money. Where our use of analytics or advertising technologies constitutes a “sale” or “sharing,” you can opt out by contacting us as described below or by using a browser or device-level opt-out signal (e.g., Global Privacy Control), which we honor to the extent required by law.

Sensitive Personal Information

We do not seek to collect sensitive personal information. If you voluntarily submit health-related information, we process it only to respond to your request or provide the services you asked for, and not for inferring characteristics or for cross-context behavioral advertising.

Non-Discrimination

We will not discriminate against you for exercising your privacy rights, consistent with applicable law.

Appeals

If we deny your rights request, you may appeal by replying to our decision or emailing [email protected] with “Privacy Appeal” in the subject line. If your appeal is denied, you may contact your state attorney general, where applicable.

How to Exercise Your Rights

To exercise privacy rights or submit requests, contact us at [email protected] or by mail: IsisRest, 400 S Eagle St, Naperville, IL 60540, United States. Please provide sufficient information to verify your identity (and authorization, if applicable). We will respond within the time frames required by law (generally 30 days under GDPR and 45 days under certain U.S. state laws, subject to permissible extensions).

Authorized agents may submit requests where permitted by law, subject to verification and proof of authority.

Do Not Track and Global Privacy Control

Some browsers send Do Not Track (DNT) signals; there is no common industry standard for responding to DNT. We honor legally recognized browser or device-based opt-out signals, such as the Global Privacy Control (GPC), to the extent required by applicable law.

Children’s Privacy

Our services are intended for individuals 16 years and older and are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us at [email protected] and we will take appropriate action.

Automated Decision-Making

We do not engage in automated decision-making that produces legal or similarly significant effects about you without human involvement. We may use automated tools for analytics, security, content performance, and personalization consistent with this Notice.

HIPAA Notice

IsisRest is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA). Do not submit protected health information. Any health-related information you voluntarily provide is processed in accordance with this Notice and applicable privacy laws.

Changes to This Notice

We may update this Notice from time to time to reflect changes in our practices or the law. Material changes will be indicated by updating the “Effective Date” below. Your continued use of our services after changes become effective constitutes acceptance.

Effective Date

Effective Date: September 15, 2025

Categories

Archives

© 2025. All rights reserved.